[tristan9]

These blogposts document the attack. Documenting it and acting in it are different.

There’s no practical action being taken besides « use our profucts cause we can tank it for you » here.

The mitigations listed are better than nothing, but the fact that every skid out there can hire a botnet of a few thousands compromised machines (like here) and send you a few millions (say this protocol attack allowed a 100x higer than avg impact) rps is way enough to kill the infra of 99.99% websites. No questions asked.